Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... ·...
Transcript of Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... ·...
![Page 1: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/1.jpg)
Top 10 Key Attributes of an Enterprise Risk Management Program
ERM003
Speakers:
• Cindy Roelke, Director, Risk and Insurance, The Western Union Company
• David Young, Lecturer, University of Colorado, Denver
![Page 2: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/2.jpg)
Learning Objectives
At the end of this session, you will:
• Describe the essential qualities of a successful ERM program
• Employ mechanisms that maintain key risk focus across all categories of risk
• Assemble arguments to convince your organization’s primary stakeholders of the benefits of ERM
![Page 3: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/3.jpg)
Source Material
• FNCE 4129/6129 – Practical Enterprise Risk Management• Risk Management & Insurance Program, Business School, University of
Colorado Denver
• Currently seeking Mentors for Summer 2016 / Spring 2017 semesters
• Western Union Student ERM Project – Spring 2015• Graduate Student Project on a publically traded company
![Page 4: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/4.jpg)
ERM 10 Key Criteria1) Enterprise-wide scope – all areas in scope
2) All risk categories – financial, operational, strategic & hazard
3) Key risk focus – not hundreds of risks
4) Integrated Risks – captures interactivity of 2+ risks
5) Aggregated Risk – enterprise-level risk exposure/appetite
6) Includes decision-making – not just risk reporting
7) Risk-return Mgmt. – mitigation plus risk exploitation
8) Risk disclosures – integrates ERM information
9) Value impacts – includes company value metrics
10) Primary stakeholder – not rating agency-driven
4
![Page 5: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/5.jpg)
Enterprise-wide Scope
• “Enterprise” is the first word in ERM, yet in traditional ERM, this usually does not occur
1) Insufficient C-Suite and Board of Director oversight
2) Deemed insignificant
3) Limiting approaches to ERM
4) Differing cultures
5) Incomplete implementation
• It’s not true ERM until all areas are in scope
5
![Page 6: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/6.jpg)
Sample ERM Engagement Model
![Page 7: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/7.jpg)
All Risk Categories
• The word “all”
• A significant step forward in the risk management field
• Must include all risk categories
• Financial (market, credit, liquidity, etc.)
• Strategic (strategy execution, competitor risk, emerging, etc.)
• Operational (human resources, technology, etc.)
• Hazard (mostly insurance related risk)
7
![Page 8: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/8.jpg)
All Risk Categories (continued)
• Traditional ERM focuses mostly on financial risks
• Inability to quantify strategic and operational risks
• Myth regarding importance of financial risks• Studies debunk this• Even true for financial services companies • Partly due to poor risk categorization and definition
• Modeler bias• Education, training and experience all in financial• Methods work best for financial risk• Risk of staying within comfort zone: “Searching under streetlamp”• Dangerous significant digits violation / impression of completeness
8
![Page 9: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/9.jpg)
New Category: Emerging Risk
![Page 10: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/10.jpg)
Communicating Emerging RiskDigitalattackmap.com
Informationisbeautiful.net
![Page 11: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/11.jpg)
Key Risk Focus
• Focus on the organization’s key risks
• An Excel Spreadsheet with 100’s of risks is unmanageable
• Utilize Risk Tolerance calculation to determine key risks
• Most likely these risks will be Strategic and Operational Risks
• Key Risk Focus allows for greater accountability
• Transparency and accountability are critical to ensure risk oversight
![Page 12: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/12.jpg)
Sample Accountability Model
![Page 13: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/13.jpg)
Integrated Risks
• Traditional risk management, and even most traditional ERM programs, have “silo” risk measurement, which is suboptimal
a) Incomplete
b) Inefficient
c) Internally inconsistent
13
![Page 14: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/14.jpg)
Integrated Risks (continued)a) Incomplete
• Ignores real-world complexity
• Having only one risk scenario happen at a given time is like every aspect of your business going perfectly, except one
• Ignores biggest threats
• Ignores offsetting risks
• Two risk events occurring “simultaneously” (during same time period, e.g., one year), one downside and one upside
• Other possibilities?
14
![Page 15: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/15.jpg)
Integrated Risks (continued)
• One example of two downside risk events occurring within the same calendar year that involve offsetting:
• First event: Competitor steals away half of company’s business in Russia
• Second event: Russia passes regulations that increase variable costs (costs as percentage of revenues) on U.S. businesses operating in Russia
15
![Page 16: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/16.jpg)
Integrated Risk (continued)
b) Inefficient
• Over-paying
• Not buying (e.g., hedges) in bulk
• Under-communicating
• Not sharing best practices
c) Internally inconsistent
• Different projections of environment, market
• Different bets
16
![Page 17: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/17.jpg)
Aggregated Risk
• Two Metrics
• Enterprise risk exposure (calculated)• Risk appetite (defined by management) (also called risk tolerance, by S&P)
• Traditional ERM programs have neither, resulting in:
• Inability to do primary job of ERM – managing enterprise risk exposure to within risk appetite
• Inability to have correct chronology:1) Calculate enterprise risk exposure2) Define risk appetite3) Cascade down to risk limits4) Instead, uses local management judgment, instinct or old rules-of-
thumb, causing two errors:• Under-mitigating (potentially dangerous, if risk event occurs)• Over-mitigating (waste of resources, e.g., many insurable risks)
17
![Page 18: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/18.jpg)
Risk Appetite / Risk Tolerance
![Page 19: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/19.jpg)
Risk Decision-Making
• Many ERM programs in their infancy merely identify and then report key risks to the Board
• Misses the primary function: risk decision-making
• “Risk Map” is a popular report
• Focus on key risks with materiality
19
![Page 20: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/20.jpg)
WU Student Project Risk Map
![Page 21: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/21.jpg)
Risk-Return Management
• Traditional risk management created perception of risk leaders as obstacles by business segments
• New ventures thwarted by emphasis of risk exposure
• Upside not fairly considered along with increased risk
• ERM is a significant step forward
• Both downside and upside volatility - risk mitigation and risk exploitation - are in scope
• Risk practitioners are now welcome in strategic discussions, perceived as business partners
21
![Page 22: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/22.jpg)
Risk Disclosures
• Improper risk disclosures: most overlooked risks
• Most are boilerplate with significant auditor input
• Yet ERM sophistication varies widely
• Best, safest practice (and likely soon to be a regulatory requirement) is to inform disclosures with ERM information
http://www.sec.gov/news/press/2009/2009-268.htm
22
![Page 23: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/23.jpg)
Value Impacts
• Virtually all talk about “value-added” activities, yet very few measure value
• Most ERM programs use short-term metrics
• Balance sheet impact
• Next quarter’s earnings impact
Inadequate for quantifying the full impacts of risks
Inadequate for informing risk decision-making
23
![Page 24: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/24.jpg)
Primary Stakeholder
• Traditional risk management programs often focus on ratings / rating agencies
• Maximally satisfying rating agencies does not usually lead to maximizing shareholder value
• ERM must focus on primary stakeholder: the shareholder
• All decisions – even risk-priority – must increase company value
24
![Page 25: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/25.jpg)
Next ERM Regulatory Hurdle?
![Page 26: Top 10 Key Attributes of an Enterprise Risk Management Program Handouts/RIMS 16/ERM003... · 2016-05-02 · Top 10 Key Attributes of an Enterprise Risk Management Program ERM003 Speakers:](https://reader031.fdocuments.net/reader031/viewer/2022020303/5b41a0b47f8b9a74588b6282/html5/thumbnails/26.jpg)
Thanks for attending!
Enjoy the rest of RIMS 2016!
Questions / Discussion